class StudentsController < ApplicationController
  before_filter :authenticate!
  before_filter :protect_from_student, :except => [:show, :cancellation_reports, :driving_lessons]
  before_filter :protect_from_instructor, :except => [:show]
  before_filter :correct_user, :only => [:show, :cancellation_reports, :driving_lessons]
  # GET /students
  # GET /students.json
  def index
    @students = Student.all

    respond_to do |format|
      format.html # index.html.erb
      format.json { render json: @students }
    end
  end

  # GET /students/1
  # GET /students/1.json
  def show
    @student = Student.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.json { render json: @student }
    end
  end

  # GET /students/new
  # GET /students/new.json
  def new
    @student = Student.new

    respond_to do |format|
      format.html # new.html.erb
      format.json { render json: @student }
    end
  end

  # GET /students/1/edit
  def edit
    @student = Student.find(params[:id])
  end

  # POST /students
  # POST /students.json
  def create
    @student = Student.new(params[:student])

    respond_to do |format|
      if @student.save
        format.html { redirect_to @student, notice: 'Student was successfully created.' }
        format.json { render json: @student, status: :created, location: @student }
      else
        format.html { render action: "new" }
        format.json { render json: @student.errors, status: :unprocessable_entity }
      end
    end
  end

  # PUT /students/1
  # PUT /students/1.json
  def update
    @student = Student.find(params[:id])

    respond_to do |format|
      if @student.update_attributes(params[:student])
        format.html { redirect_to @student, notice: 'Student was successfully updated.' }
        format.json { head :no_content }
      else
        format.html { render action: "edit" }
        format.json { render json: @student.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /students/1
  # DELETE /students/1.json
  def destroy
    @student = Student.find(params[:id])
    @student.destroy

    respond_to do |format|
      format.html { redirect_to students_url }
      format.json { head :no_content }
    end
  end

  # GET /students/1/cancellation_reports
  def cancellation_reports
    @student = Student.find(params[:id])
    @cancellation_reports = @student.cancellation_reports

    respond_to do |format|
      format.html { render 'cancellation_reports/index'}
      format.json { render json: @cancellation_reports }
    end
  end

  # GET /students/1/driving_lessons
  def driving_lessons
    @student = Student.find(params[:id])
    @driving_lessons = @student.driving_lessons

    respond_to do |format|
      format.html { render 'driving_lessons/index'}
      format.json { render json: @driving_lessons }
    end
  end

  def correct_user
    @student = Student.find(params[:id])
    if @current_user.student?
      unless @current_user.usable.id == @student.id
        redirect_to actions_url, :alert => "Not authorized to view info about this student"
      end
    end
  end
end
